0

I am trying to tinker with the appearance of the Dock in OS X.

I have the raw data from the Dock's Mach-O executable, but I do not know much about them. I am trying to figure out where I might find the segments/sections where the Dock actually gets drawn. For example, I see all kinds of sections, such as __DATA,__mod_init_func and __DATA,__cfstring, and I am just wondering if there is an easy way to tell which of these sections (or even particular segments) has the data I'm looking for, or a way decompile the data into a more readable format.

mdl00
  • 11
  • 3
  • It's not clear what kind of data you're actually looking for. There are only two relevant things though, code and assets. Assets (mostly images) you can find simply in the "Resources" folder. Code is usually stored in the __TEXT segment, and is not straightforward to decompile. In order to find out what library functions are called, run `nm` and go through the list until you find a function/class that sounds like the action you're looking for. In order to find out what the code really does, you can only disassemble it (`otool -tV`), but that'll leave you with lots and lots of assembly. – Siguza Aug 19 '16 at 18:54
  • Try using a diassembler like Hopper to get an idea how the binary is organised. – Kamil.S Apr 04 '17 at 09:45

1 Answers1

2

You can't really "decompile" a mach-o file unless you understand everything about them. You can get some "human-readable" contents from the raw data like its methods and instances eg. 

-[AClass anInstance:]

would be something like: 

-(id)anInstance:(id)arg1;

I would suggest some other tool for understanding this. There are a few command lines that could use:

nm /path/to/mach-o   // Prints all the strings of a Mach-O Executable

hexdump -C /path/to/mach-o    // Shows the Hexadecimal Code of a Mach-O Executable

otool -t /path/to/mach-o    // Outputs the raw (Hexadecimal) "_TEXT,__text" section of a Mach-O Executable (Compare this with the hexdump -C command)
otool -tV /path/to/mach-o    // Outputs the converted (Human Readable-ish) "__TEXT,__text" section of a Mach-O Executable

But if you really want to understand everything about Mach-O

I suggest downloading Hopper at: https://www.hopperapp.com Which is good for showing you bytes of a mach-o binary and what they're for. Then you can have a look here: https://www3.nd.edu/~dthain/courses/cse40243/fall2015/intel-intro.html which will teach you how to understand how the mach-o is compiled and how you can read the execution methods.

eg. 

1. Open Hopper and drag and drop in the Mach-O executable then wait for it to load.

2. Execute "otool -tV /path/to/mach-o" in Terminal.app

You can notice the difference between hopper and terminal's output and begin to piece the differences together. You can then open the website I provided and learn what all the output functions are for.

I hope this helped you a little and gets you started on a search for knowledge.

Your Welcome.

YeaTheMans
  • 1,005
  • 8
  • 19